diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-07-25 00:13:32 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-07-25 00:15:08 +0200 |
commit | 794fa2206659457ba45c6f476ba8b162460cdaad (patch) | |
tree | 5e61ed248198e590586933e7a6b779bf9eb6ec07 /interface-definitions | |
parent | 937f1e43ebb9b844b9b73584c3571a18d56bf529 (diff) | |
download | vyos-1x-794fa2206659457ba45c6f476ba8b162460cdaad.tar.gz vyos-1x-794fa2206659457ba45c6f476ba8b162460cdaad.zip |
ipsec: T1210: add RADIUS authentication for remote-access IKEv2 VPN
set vpn ipsec remote-access connection rw authentication client-mode 'eap-radius'
set vpn ipsec remote-access connection rw authentication id '192.0.2.1'
set vpn ipsec remote-access connection rw authentication server-mode 'x509'
set vpn ipsec remote-access connection rw authentication x509 ca-certificate 'CAcert_Class_3_Root'
set vpn ipsec remote-access connection rw authentication x509 certificate 'vyos'
set vpn ipsec remote-access connection rw esp-group 'ESP-RW'
set vpn ipsec remote-access connection rw ike-group 'IKE-RW'
set vpn ipsec remote-access connection rw local-address '192.0.2.1'
set vpn ipsec remote-access connection rw pool 'ra-rw-ipv4'
set vpn ipsec remote-access connection rw unique 'never'
set vpn ipsec remote-access pool ra-rw-ipv4 name-server '192.0.2.2'
set vpn ipsec remote-access pool ra-rw-ipv4 prefix '192.168.22.0/24'
set vpn ipsec remote-access radius nas-identifier 'fooo'
set vpn ipsec remote-access radius server 172.16.100.10 key 'secret'
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/vpn_ipsec.xml.in | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index 858adb13a..165fdfdf3 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -703,18 +703,22 @@ <properties> <help>Client authentication mode</help> <completionHelp> - <list>eap-tls eap-mschapv2</list> + <list>eap-tls eap-mschapv2 eap-radius</list> </completionHelp> <valueHelp> <format>eap-tls</format> - <description>EAP-TLS</description> + <description>Client uses EAP-TLS authentication</description> </valueHelp> <valueHelp> <format>eap-mschapv2</format> - <description>EAP-MSCHAPv2</description> + <description>Client uses EAP-MSCHAPv2 authentication</description> + </valueHelp> + <valueHelp> + <format>eap-radius</format> + <description>Client uses EAP-RADIUS authentication</description> </valueHelp> <constraint> - <regex>^(eap-tls|eap-mschapv2)$</regex> + <regex>^(eap-tls|eap-mschapv2|eap-radius)$</regex> </constraint> </properties> <defaultValue>eap-mschapv2</defaultValue> @@ -872,6 +876,17 @@ #include <include/accel-ppp/name-server.xml.i> </children> </tagNode> + #include <include/radius-server-ipv4.xml.i> + <node name="radius"> + <children> + #include <include/radius-nas-identifier.xml.i> + <tagNode name="server"> + <children> + #include <include/accel-ppp/radius-additions-disable-accounting.xml.i> + </children> + </tagNode> + </children> + </node> </children> </node> <node name="site-to-site"> |